sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Load: Only load PasswordHash class when needed.

Browse Source 
This reverts [38371] which loaded `class-phpass.php` early in `wp-settings.php` and in turn caused backward compatibility problems.

Props DavidAnderson, ketuchetan.
Fixes #39445.


git-svn-id: https://develop.svn.wordpress.org/trunk@40387 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Pascal Birchler 2017-04-06 18:00:16 +00:00
parent 74e7dab932
commit ca0aa133ff
5 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/wp-includes/pluggable.php
View File

@ -1805,6 +1805,7 @@ function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' )
// Now insert the key, hashed, into the DB.
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
$hashed = time() . ':' . $wp_hasher->HashPassword( $key );
@ -2085,6 +2086,7 @@ function wp_hash_password($password) {
global $wp_hasher;
if ( empty($wp_hasher) ) {
require_once( ABSPATH . WPINC . '/class-phpass.php');
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, true);
}
@ -2144,6 +2146,7 @@ function wp_check_password($password, $hash, $user_id = '') {
// If the stored hash is longer than an MD5, presume the
// new style phpass portable hash.
if ( empty($wp_hasher) ) {
require_once( ABSPATH . WPINC . '/class-phpass.php');
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, true);
}

1
src/wp-includes/post-template.php
View File

@ -793,6 +793,7 @@ function post_password_required( $post = null ) {
return apply_filters( 'post_password_required', true, $post );
}
require_once ABSPATH . WPINC . '/class-phpass.php';
$hasher = new PasswordHash( 8, true );
$hash = wp_unslash( $_COOKIE[ 'wp-postpass_' . COOKIEHASH ] );

2
src/wp-includes/user.php
View File

@ -2121,6 +2121,7 @@ function get_password_reset_key( $user ) {
// Now insert the key, hashed, into the DB.
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}
$hashed = time() . ':' . $wp_hasher->HashPassword( $key );
@ -2165,6 +2166,7 @@ function check_password_reset_key($key, $login) {
return new WP_Error('invalid_key', __('Invalid key'));
if ( empty( $wp_hasher ) ) {
require_once ABSPATH . WPINC . '/class-phpass.php';
$wp_hasher = new PasswordHash( 8, true );
}

1
src/wp-login.php
View File

@ -438,6 +438,7 @@ case 'postpass' :
exit();
}
require_once ABSPATH . WPINC . '/class-phpass.php';
$hasher = new PasswordHash( 8, true );
/**

1
src/wp-settings.php
View File

@ -100,7 +100,6 @@ require( ABSPATH . WPINC . '/class-wp-matchesmapregex.php' );
require( ABSPATH . WPINC . '/class-wp.php' );
require( ABSPATH . WPINC . '/class-wp-error.php' );
require( ABSPATH . WPINC . '/pomo/mo.php' );
require( ABSPATH . WPINC . '/class-phpass.php' );
// Include the wpdb class and, if present, a db.php database drop-in.
global $wpdb;